Install the October 2019 Android Security Update ASAP

Google’s monthly Android security patches are usually for Google devices only, but Samsung, Motorola, LG, Oppo, Huawei, and Xiaomi are releasing their own versions of the October 2019 security update to fix a serious zero-day vulnerability present on several Android smartphones. Those with vulnerable phones should make sure they download the patch as soon as it becomes available in the next few days.

The bug, which appears in the security patch notes as CVE-2019-2215, allows a hacker to remotely root and take full control of the device, although this requires the victim to first install the infected application (or the hacker uses an exploit. In combination with a loophole in Chrome for deploying an attack). The exploit is present on the following phones, although Google Project Zero warns that other phones may also be affected:

  • Google Pixel, Pixel XL, Pixel 2 and 2 XL
  • Samsung Galaxy S7, S8 and S9
  • Huawei P20
  • LG models running Android Oreo
  • Motorola Moto Z3
  • Oppo A3
  • Xiaomi A1, Redmi 5A and Redmi Note 5

Google will begin rolling out its October 2019 security patch on Tuesday, and other manufacturers are likely to have their own versions in the next few days. Watch for automatic update notifications or check for a patch yourself by going to the Settings app on your phone and searching for System Update. (The exact path will differ depending on your device and Android version.)

Google Project Zero reports that the bug has been successfully exploited, which raises a number of serious questions about who is using it and why. The exploit itself was created by the Israeli online security firm NSO, which denies that she or any of its clients, which are mostly government and national security organizations, are actively using the exploit.

While it is unlikely that average Android users will be targeted by those using the bug, it is serious enough that everyone should install the October 2019 security update as soon as it becomes available on their particular device, and for those using any of the above smartphones, special care should be taken. Meanwhile. This means resisting the urge to install apps from unknown sources, install a good antivirus app, and be careful about your web browsing – perhaps even consider using a mobile browser other than Chrome .

If you’re interested in learning more about the bug and how it works, check out the full Ars Technica report .


Leave a Reply